• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.12 no.8
• /
• pp.3946-3965
• /
• 2018

Network anomaly detection in Software Defined Networking, especially the detection of DDoS attack, has been given great attention in recent years. It is convenient to build the Traffic Matrix from a global view in SDN. However, the monitoring and management of high-volume feature-rich traffic in large networks brings significant challenges. In this paper, we propose a moving window Principal Components Analysis based anomaly detection and mitigation approach to map data onto a low-dimensional subspace and keep monitoring the network state in real-time. Once the anomaly is detected, the controller will install the defense flow table rules onto the corresponding data plane switches to mitigate the attack. Furthermore, we evaluate our approach with experiments. The Receiver Operating Characteristic curves show that our approach performs well in both detection probability and false alarm probability compared with the entropy-based approach. In addition, the mitigation effect is impressive that our approach can prevent most of the attacking traffic. At last, we evaluate the overhead of the system, including the detection delay and utilization of CPU, which is not excessive. Our anomaly detection approach is lightweight and effective.

• Journal of the Korea Convergence Society
• /
• v.8 no.8
• /
• pp.51-57
• /
• 2017

A wireless sensor network is composed of many resource constrained sensor nodes. These networks are attacked by malicious attacks like DDoS and routing attacks. In this paper, we propose the intrusion detection and prevention system using convergence of software-defined networking and security technology in wireless sensor networks. Our proposed scheme detects various intrusions in a central server by accumulating log messages of OpenFlow switch through SDN controller and prevents the intrusions by configuring OpenFlow switch. In order to validate our proposed scheme, we show it can detect and prevent some malicious attacks in wireless sensor networks.

• Convergence Security Journal
• /
• v.20 no.5
• /
• pp.3-10
• /
• 2020

Recently, the Internet and networks are regarded as essential infrastructures that constitute society, and security threats have been constantly increased. However, the network switch that actually transmits packets in the network can cope with security threats only through firewall or network access control based on fixed rules, so the effective defense for the security threats is extremely limited in the network itself and not actively responding as well. In this paper, we propose an in-network security framework using the high-level data plane programming language, P4 (Programming Protocol-independent Packet Processor), to deal with DDoS attacks and IP spoofing attacks at the network level by monitoring all flows in the network in real time and processing specific security attack packets at the P4 switch. In addition, by allowing the P4 switch to apply the network user's or administrator's policy through the SDN (Software-Defined Network) controller, various security requirements in the network application environment can be reflected.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.13 no.2
• /
• pp.733-750
• /
• 2019

Software Defined Networking (SDN) is a new network paradigm, allowing administrators to manage networks through central controllers by separating control plane from data plane. So, one or more controllers must locate outside switches. However, this separation may cause delay problems between controllers and switches. In this paper, we therefore propose a Priority-based Scheduling policy for OpenFlow (PSO) to reduce the delay of some significant traffic. Our PSO is based on packet prioritization mechanisms in both OpenFlow switches and controllers. In addition, we have prototyped and experimented on PSO using a network simulator (ns-3). From the experimental results, PSO has demonstrated low delay for targeted traffic in the out-of-brand control network. The targeted traffic can acquire forwarding rules with lower delay under network congestion in control links (with normalized load > 0.8), comparing to traditional OpenFlow. Furthermore, PSO is helpful in the in-band control network to prioritize OpenFlow messages over data packets.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.10 no.9
• /
• pp.4108-4122
• /
• 2016

To address challenges of an unprecedented growth in mobile data traffic, the ultra-dense network deployment is a cost efficient solution to off-load the traffic over other small cells. However, the real traffic is often much lower than the peak-hour traffic and certain small cells are superfluous, which will not only introduce extra energy consumption, but also impose extra interference onto the radio environment. In this paper, an elastic energy efficient cell management scheme is proposed based on flow scheduling among multi-layer ultra-dense cells by a SDN controller. A significant power saving was achieved by a cell-level energy manager. The scheme is elastic for energy saving, adaptive to the dynamic traffic distribution in the office or campus environment. In the end, the performance is evaluated and demonstrated. The results show substantial improvements over the conventional method in terms of the number of active BSs, the handover times, and the switches of BSs.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.10 no.9
• /
• pp.4529-4548
• /
• 2016

DDoS attacks have had a devastating effect on the Internet, which can cause millions of dollars of damage within hours or even minutes. In this paper we propose a practical dynamic defense approach that overcomes the shortage of static defense mechanisms. Our approach employs a group of SDN-based proxy switches to relay data flow between users and servers. By substituting backup proxy switches for attacked ones and reassigning suspect users onto the new proxy switches, innocent users are isolated and saved from malicious attackers through a sequence of remapping process. In order to improve the speed of attacker segregation, we have designed and implemented an efficient greedy algorithm which has been demonstrated to have little influence on legitimate traffic. Simulations, which were then performed with the open source controller Ryu, show that our approach is effective in alleviating DDoS attacks and quarantining the attackers by numerable remapping process. The simulations also demonstrate that our dynamic defense imposes little effect on legitimate users, and the overhead introduced by remapping procedure is acceptable.

• Proceedings of the Korea Information Processing Society Conference
• /
• 2018.10a
• /
• pp.133-135
• /
• 2018

In these days, providing flexible and personalized network services subject to customers' requirements becomes an interesting issue for network service providers. Moreover, because each network service provider own finite network resources and infrastructure, dynamic network provisioning is essential to leverage the limited network resources efficiently and effectively for supporting personalized network services. Recently, as the population of mobile devices increases, the location-awareness becomes as important as the QoS-awareness to provision a network service dynamically. In this paper, we propose a framework for providing location-aware dynamic network services. This framework includes the web user interface for obtaining customers' requirements such as locations and QoS, the network generator for mapping the requested locations and network infrastructure, the network path calculator for selecting routes to meet the requested QoS and the network controller for deploying a prepared network services into SDN(Software-Defined Networking) enabled network infrastructure.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.12 no.11
• /
• pp.5404-5424
• /
• 2018

This work is mainly focused on two major topics in cloud platforms by using OpenStack as a case study: management and provisioning of resources to meet the requirements of a service demanded by remote end-user and relocation of virtual machines (VMs) requests to offload the encumbered compute nodes. The general framework architecture contains two subsystems: 1) An orchestrator that allows to systematize provisioning and resource management in OpenStack, and 2) A resource utilization based subsystem for vibrant VM relocation in OpenStack. The suggested orchestrator provisions and manages resources by: 1) manipulating application program interfaces (APIs) delivered by the cloud supplier in order to allocate/control/manage storage and compute resources; 2) interrelating with software-defined networking (SDN) controller to acquire the details of the accessible resources, and training the variations/rules to manage the network based on the requirements of cloud service. For resource provisioning, an algorithm is suggested, which provisions resources on the basis of unused resources in a pool of VMs. A sub-system is suggested for VM relocation in a cloud computing platform. The framework decides the proposed overload recognition, VM allocation algorithms for VM relocation in clouds and VM selection.

• Journal of Internet Computing and Services
• /
• v.22 no.5
• /
• pp.27-33
• /
• 2021

With the broad adoption of the Internet of Things (IoT) in a variety of scenarios and application services, management and orchestration entities require upgrading the traditional architecture and develop intelligent models with ultra-reliable methods. In a heterogeneous network environment, mission-critical IoT applications are significant to consider. With erroneous priorities and high failure rates, catastrophic losses in terms of human lives, great business assets, and privacy leakage will occur in emergent scenarios. In this paper, an efficient resource slicing scheme for optimizing federated learning in software-defined IoT (SDIoT) is proposed. The decentralized support vector regression (SVR) based controllers predict the IoT slices via packet inspection data during peak hour central congestion to achieve a time-sensitive condition. In off-peak hour intervals, a centralized deep neural networks (DNN) model is used within computation-intensive aspects on fine-grained slicing and remodified decentralized controller outputs. With known slice and prioritization, federated learning communications iteratively process through the adjusted resources by virtual network functions forwarding graph (VNFFG) descriptor set up in software-defined networking (SDN) and network functions virtualization (NFV) enabled architecture. To demonstrate the theoretical approach, Mininet emulator was conducted to evaluate between reference and proposed schemes by capturing the key Quality of Service (QoS) performance metrics.

• Journal of KIISE
• /
• v.44 no.9
• /
• pp.976-985
• /
• 2017

Wireless mesh network (WMN) is a promising technology for building a cost-effective and easily-deployed wireless networking infrastructure. To efficiently utilize limited radio resources in WMNs, packet transmissions (particularly, redundant packet transmissions) should be carefully managed. We therefore propose a lightweight traffic redundancy elimination (LTRE) scheme to reduce redundant packet transmissions in software-defined wireless mesh networks (SD-WMNs). In LTRE, the controller determines the optimal path of each packet to maximize the amount of traffic reduction. In addition, LTRE employs three novel techniques: 1) machine learning (ML)-based information request, 2) ID-based source routing, and 3) popularity-aware cache update. Simulation results show that LTRE can significantly reduce the traffic overhead by 18.34% to 48.89%.